#!/bin/bash
#
#********************************************************************
#Author:                songliangcheng
#QQ:                    2192383945
#Date:                  2023-02-18 14:16:19
#FileName：             install-firewall.sh
#URL:                   http://blog.mykernel.cn
#Description：          curl -sSLf https://gitee.com/slcnx/tools/raw/master/scripts/firewalld/install-firewall.sh  |  sed 's/\r//g' | bash -s -- -e eth0 -i eth1 -p 2145 -x REJECT -n ACCEPT
#Copyright (C):        2023 All rights reserved
#********************************************************************
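#-e|--external-interface: required option
#-i|--internal-interface: required option
#-x|--external-interface-target: optional (the option table and the usage line above use -x, not -et)
#-n|--internal-interface-target: optional (the option table and the usage line above use -n, not -it)
#-p|--external-port: required option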

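# Load the parse_cmd option parser that the rest of this script depends on.
#
# The helper is remote code fetched from a mutable branch and executed with
# the privileges of this script, so it is saved to a private temporary file
# before it is sourced:
#   * a failed download aborts the run; sourcing an empty process
#     substitution succeeds silently and would leave the parser undefined;
#   * HTTPS is enforced for the request and for every redirect;
#   * when PARSE_CMD_SHA256 is set in the environment, the downloaded bytes
#     must match that SHA-256 digest before anything is sourced.
# With PARSE_CMD_SHA256 unset the helper is loaded unpinned, as before.
PARSE_CMD_URL='https://gitee.com/slcnx/tools/raw/master/parse_cmd.sh'

parse_cmd_tmp=$(mktemp) || {
  printf 'install-firewall: mktemp failed\n' >&2
  exit 1
}

if ! curl -sSLf --proto '=https' --proto-redir '=https' \
  -o "$parse_cmd_tmp" "$PARSE_CMD_URL"; then
  rm -f -- "$parse_cmd_tmp"
  printf 'install-firewall: cannot download %s\n' "$PARSE_CMD_URL" >&2
  exit 1
fi

if [[ -n "${PARSE_CMD_SHA256:-}" ]]; then
  # The digest is computed over the raw download, before CR stripping.
  parse_cmd_digest=$(sha256sum -- "$parse_cmd_tmp") || parse_cmd_digest=
  parse_cmd_digest=${parse_cmd_digest%% *}
  if [[ "$parse_cmd_digest" != "${PARSE_CMD_SHA256,,}" ]]; then
    rm -f -- "$parse_cmd_tmp"
    printf 'install-firewall: SHA-256 mismatch for %s\n' "$PARSE_CMD_URL" >&2
    exit 1
  fi
fi

# Strip carriage returns exactly as before, then load the helper into this
# shell. source reads the substitution to EOF, so the file can go afterwards.
source <(sed 's/\r//g' "$parse_cmd_tmp")
rm -f -- "$parse_cmd_tmp"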

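# Option table handed to parse_cmd. parse_cmd comes from the sourced
# parse_cmd.sh and is not defined in this file, so how it reads CONFIG is not
# visible here. The first row names the columns: key, argument, isempty, desc.
#   -e  external interface                        -> $external_interface
#   -i  internal interface                        -> $internal_interface
#   -x  external zone target (ACCEPT by default)  -> $external_interface_target
#   -n  internal zone target (ACCEPT by default)  -> $internal_interface_target
#   -p  port that must stay open on the external side, usually the SSH port
#                                                 -> $external_port
# NOTE(review): isempty looks like 0 = mandatory, 1 = may be omitted; this
# matches the file header, which lists -e, -i and -p as required. Confirm
# against parse_cmd.sh.
# The table text is runtime data and is kept byte-for-byte.
CONFIG='

key    ,argument    ,isempty    ,desc    

-e|--external-interface    ,external_interface    ,0    ,外网接口

-i|--internal-interface    ,internal_interface    ,0    ,内网接口

-x|--external-interface-target    ,external_interface_target    ,1    ,外网接口默认ACCEPT，REJECT

-n|--internal-interface-target    ,internal_interface_target    ,1    ,内网网接口默认ACCEPT，REJECT

-p|--external-port    ,external_port    ,0    ,外网必须打开的端口，一般是ssh端口

'

# Stop here if the parser never loaded. Carrying on would reconfigure the
# firewall with every option empty.
if ! command -v parse_cmd >/dev/null 2>&1; then
  printf 'install-firewall: parse_cmd is not defined; option parser failed to load\n' >&2
  exit 1
fi

# "$@" keeps each argument intact. The unquoted form re-split and globbed the
# arguments before the parser saw them.
parse_cmd "$@"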

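# Show the three mandatory values as parsed. printf with quoted arguments
# prints them verbatim; the unquoted echo glob-expanded and re-split them.
printf '%s %s %s\n' "$external_interface" "$internal_interface" "$external_port"

# Both zone targets default to ACCEPT when -x / -n were not given.
# NOTE(review): a firewalld zone target of ACCEPT accepts every packet that no
# rule in the zone handles, so these defaults leave both zones open. Pass
# "-x REJECT", as the usage line in the file header does, for a restrictive
# external zone.
# Quoting the expansion keeps the ':' no-op from word-splitting or globbing it.
: "${external_interface_target:=ACCEPT}"
: "${internal_interface_target:=ACCEPT}"


# Show the effective targets. The trailing space matches the original output.
printf '%s %s \n' "$external_interface_target" "$internal_interface_target"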

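# Install firewalld, bind the two interfaces to the predefined "external" and
# "internal" zones, open the management port on the external zone, set both
# zone targets and reload.
#
# The option values end up on the command line of privileged commands, so each
# one is checked first. An empty or malformed value aborts the run instead of
# being word-split into extra firewall-cmd arguments.
#
# Permanent changes are written in an order that keeps the management port
# reachable: the port is added before any interface is bound or any target is
# changed, and the reload runs only if every earlier step succeeded. The
# original reloaded unconditionally, so a failed --add-port combined with a
# REJECT target could cut off the SSH session running this script.
#
# NOTE(review): between the start of firewalld and the final reload the
# interfaces sit in firewalld's default zone. If that zone does not allow the
# management port, new connections to it may be refused during that window.
# Confirm out-of-band access before running this on a remote host.

# Print an error to stderr and stop the script.
fw_die() {
  printf 'install-firewall: %s\n' "$*" >&2
  exit 1
}

# Interface name: non-empty, at most 15 characters (Linux limit), and free of
# whitespace and "/".
fw_valid_interface() {
  local name=$1
  [[ -n "$name" && ${#name} -le 15 && "$name" != *[[:space:]/]* ]]
}

# Port: a single TCP port or a "low-high" range, each within 1..65535.
# 10# forces base 10 so a leading zero is not read as octal.
fw_valid_port() {
  local spec=$1 low high
  [[ "$spec" =~ ^[0-9]{1,5}(-[0-9]{1,5})?$ ]] || return 1
  low=${spec%%-*}
  high=${spec##*-}
  ((10#$low >= 1 && 10#$high <= 65535 && 10#$low <= 10#$high))
}

# Zone target: one of the values firewall-cmd --set-target accepts.
fw_valid_target() {
  case "$1" in
    default | ACCEPT | DROP | REJECT) return 0 ;;
    *) return 1 ;;
  esac
}

fw_valid_interface "$external_interface" \
  || fw_die "invalid external interface: '${external_interface}'"
fw_valid_interface "$internal_interface" \
  || fw_die "invalid internal interface: '${internal_interface}'"
fw_valid_port "$external_port" \
  || fw_die "invalid external port: '${external_port}'"
fw_valid_target "$external_interface_target" \
  || fw_die "invalid external zone target: '${external_interface_target}'"
fw_valid_target "$internal_interface_target" \
  || fw_die "invalid internal zone target: '${internal_interface_target}'"

# The original mixed bare apt/systemctl with sudo firewall-cmd. Run every
# privileged command the same way: directly as root, through sudo otherwise.
if ((EUID == 0)); then
  as_root=()
else
  as_root=(sudo)
fi

# apt-get is the scripting front end; apt warns that its CLI is not stable.
"${as_root[@]}" apt-get install -y firewalld \
  || fw_die "installing firewalld failed"

# Informational only. --no-pager keeps systemctl from blocking in a pager when
# stdout is a terminal.
systemctl --no-pager status firewalld || true

"${as_root[@]}" systemctl enable firewalld \
  || fw_die "enabling firewalld failed"
"${as_root[@]}" systemctl start firewalld \
  || fw_die "starting firewalld failed"

# Management port first (usually SSH), so the permanent configuration never
# holds a restrictive external zone without it.
"${as_root[@]}" firewall-cmd --permanent --zone=external \
  --add-port="${external_port}/tcp" \
  || fw_die "opening ${external_port}/tcp on the external zone failed"

"${as_root[@]}" firewall-cmd --permanent --zone=external \
  --change-interface="${external_interface}" \
  || fw_die "binding ${external_interface} to the external zone failed"
"${as_root[@]}" firewall-cmd --permanent --zone=internal \
  --change-interface="${internal_interface}" \
  || fw_die "binding ${internal_interface} to the internal zone failed"

"${as_root[@]}" firewall-cmd --permanent --zone=external \
  --set-target="${external_interface_target}" \
  || fw_die "setting the external zone target failed"
"${as_root[@]}" firewall-cmd --permanent --zone=internal \
  --set-target="${internal_interface_target}" \
  || fw_die "setting the internal zone target failed"

# Everything above only wrote the permanent configuration and is not active
# yet. The reload puts it into effect.
"${as_root[@]}" firewall-cmd --reload \
  || fw_die "reloading firewalld failed"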
